My Websites Got Hacked: What to do and How to Fix Your WordPress Site When This Happens

I’ve been designing websites for a very long time. DeZign My Website has been around since 1999 and it wasn’t until recently that several of my websites got hacked. Not once, but twice! That’s two separate attacks in the span of 1 month. Both 2 weeks apart. Below I will explain what happened, and what are some steps you can do to protect yourself or minimize the damage.

There are many bloggers out there that say not to worry when your site gets hacked. But you definitely should. You also DO need to go into panic mode. And once you do fix the problems, there is a chance it can still happen AGAIN. As was my case, where after the first hack, a completely different hacker hacked into the same site and other sites after I had protected my site with some security plugins. I will go over what I used.

Even USA Today warns of the dangers of how small business suffer from these attacks. I mean, if hackers can break into Sony, they can certainly break into your site. But why would they?

WHY DO HACKERS WANT TO ATTACK MY SITE?

I asked myself that very question. I don’t have credit cards stored on my site. Some of the sites attacked had very little visitors. The sites that I had were just informational sites. Well, there are a couple of reasons they would want to attack.

The majority of the time, they aren’t targeting your specific website. Many times, they know of several vulnerabilities in WordPress Themes, Plugins, and even know of holes on your host’s servers. This is why, it’s so important to constantly update your WordPress. Even one of the most popular WordPress Plugin, Yoast SEO, was left with a hole for hackers to enter.

So with so many different openings, hackers use programs to exploit these openings, and eventually sites that haven’t been updated become compromised. And once they do, the hackers can accomplish several things:

USE YOUR SITE TO ATTACK OTHERS

Without getting too technical, they can use the large network of compromised computers to attack other sites. Since these attacks to the other sites are coming from your own, the hackers become very hard to trace. Have you heard of when sites go down because of hackers attacking them with too much traffic? Well, this usually happens coming from their large network of infected sites.

INSTALLING MALWARE ON YOUR SITE

Hackers want to store viruses, trojans and any other corrupted files on your site. If they keep it all on their own sites and computers, then they become easier to trace. A hacker may just store these on your site, and you may never know. Until they decides to take action.

JUST FOR FUN

Young hackers love showing what they can do. It’s just like graffiti on streets? Why is this done? Usually, just for fun and to show off or gangs marking their territory. These types of hack, usually occur in the form of a website defacement. This is when the hacker decides to put up their own pictures on your site with their name. And this is what happened to me… the first time.

ADDING LINKS OR PROMOTING THEIR SITE

There are always going to be those who want to take shortcuts. Hackers can add links to your site to help their SEO efforts with backlinks, or even have people redirected to their own site. This is what happened to my sites… the second time.

MY FIRST WEBSITE HACK

It was Sunday, and I usually check Google Adsense to see how my sites are doing. I noticed that one of my sites wasn’t making any money. I thought it was very strange, but also thought it was Sunday so people just weren’t really searching for the things I had on my site.

Sunday night, I quickly checked Google Analytics, and noticed traffic had basically just stopped. Strange. So I go to my site, and this is what I am greeted with:

Hackers Placed This On My Site

My whole site was gone. Instead, the whole screen was black, and it said:

Hacked by TangerangCoder

Indonesian Defacer Rulez

Then some loud techno music went on in the background!

I went into panic mode. Then I checked 3 other sites that I suspected may have also been infected.

And I was right. 4 sites had been hacked.

FIRST STEP WHEN DEALING WITH THE HACK: CALL YOUR HOST

My sites are hosted with Hostgator, so the first thing I did was go to Hostgator’s Live Support Chat. As you know, I recommend Hostgator as a low price hosting solution, especially when you are hosting several websites. However, when you are paying low price, don’t expect high price support.

The Hostgator technical support chat was useless.

The guy told me yes, my site was hacked. Then said he would submit a ticket to the security department.

I asked him how long that was going to take? He told me that they would be taking care of it as soon as possible and said “We will do everything in our power to fix this for you.”

My Chat With HostGator Support

My site that was hacked was making money. I couldn’t just sit around and see how long Hostgator would take to fix this. So I had to jump into action myself.

By the way, do you want to know how long it took HOSTGATOR to finally address the issue and scan the site and see what was going on?

7 days. Yep… SEVEN DAYS. They didn’t get to my site until that following Sunday. So that’s what they mean they tell you “We will do everything in our power to fix this for you.”

Again, I still host my sites with Hostgator because they are cheap. But this is what you get with cheap hosting.

SECOND STEP WHEN DEALING WITH A HACKER: TAKE ACTION

So instead of waiting around for Hostgator to get back to me. The next thing I did was go into the WordPress Admin Panel. On my first site, I was able to log in.

The theme had not been updated to the latest. I also noticed there was a recent version of WordPress that needed to be updated. I updated both WordPress and also the theme. Then I went to my site’s home page.

The hacker’s Black Screen was gone. Updating the theme and wordpress had solved this!

Then I went to Users area in WordPress:

And the hackers had added about 5 different emails. The above screenshot doesn’t show all the emails, because I had to delete them. Which is what you are going to want to do also if you have been hacked.

So I had fixed the first site. On to the next.

UNABLE TO LOG INTO WORDPRESS ADMIN PAGE AFTER HACK

After fixing the first site, I thought it was going to be just as easy. So I went to the admin page of the second site… but it was gone!

The http://yoursite.com/wp-admin was GONE and replaced with the hackers black screen!

There was no way to access the WordPress Dashboard from the website!

After continuing to sweat and panic, I quickly did research and found out how to get into the back end. Here’s what I did.

HOW TO ACCESS YOUR WORDPRESS DASHBOARD WITHOUT THE WP ADMIN PAGE

You have to accomplish this via your CPANEL account. The goal is to change the theme of the website that is being hacked to another theme. This worked for me, and hopefully will work for you.

1) Get to your CPanel page and go to phpMyAdmin

PhpMyAdmin

2) Go to the wp_options under your database table on the top left of the screen.

3) This is going to open up the database tables on the right. You are looking for “template” and “stylesheet” in the “option_name” header. On mine, it wasn’t in the first 30 rows, so click on the next page and it should be there.

4) Once you find the “template” and “stylesheet” cell, you’ll see the name of your theme right next to it. On my site below, you will see I’m using the Nexus theme by Elegant Themes. (By the way, this is NOT the theme that got hacked. The theme that I believe was the culprit was the Schema Theme by MyThemeShop)

5) Click EDIT. And you will be taken to the following screen. In mine it says Nexus. You can change that to whatever theme name you want. You can use the WordPress Theme name TwentyFifteen. So Replace whatever name you have in there to “TwentyFifteen.” Press GO.

6) Do the same for the STYLESHEET field. Replace your theme name to “TwentyFifteen” and press Go.

You just changed your theme!

7) So now go back to your admin page which is http://yoursite.com/wp-admin

And you should see your login form again.

Once you are back in, do the same thing I did with my first site which is updating WordPress and updating the Theme. Also make sure you update all plugins if there are any updates.

NEXT STEPS POST HACK

This was a scary experience. I believe I knew why this site was hacked. There are two theories.

1) I neglected to update the Theme and latest WordPress Version. So make sure you update this.

2) The user name was left as “admin” and the hackers were using Brute Force Password Guessing. Most people will leave the username as “admin” or as “masteradmin” and hackers will use programs that will continually try different password combinations with these usernames. I did however, have a strong password, so it’s pretty crazy if they were able to guess it. I was using symbols, numbers, upper and lower case.

3) I had to figure out the best WordPress security plugins. The two that stand out are WordFence and Sucuri. They both have free versions and also premium versions. I used the free version. When using WordFence, it will tell you when someone is trying to log into your WordPress.

You won’t believe how many times a day a hacker is trying to get into your site. These plugins will tell you.

4) The other thing you need to do is back up your website. The second time I got hacked, this is what saved me. I will be writing also on how I restored my site.

FINAL THOUGHTS

It’s scary to be hacked. And if you are building websites for a long time, it’s just bound to happen. You have to back up your site and have some kind of security plugin. You also need to have strong passwords and unique usernames – not just use “admin.”

And even if you take these precautions, you can still get hacked.

Two weeks after this, I got hacked AGAIN. In a different manner.

I will write about it in a future post as I’m actually giving Hostgator a chance to see if they can find out how this second hack happened so I left the hacked site as is. I’m not very hopeful on them finding out. It’s already been several days, and I haven’t heard an update from them. I don’t expect to until next week. I will write an update if they find out.

I plan on getting a more secure and more expensive host for my bigger sites. I do plan on keeping the rest on Hostgator. I’ve already started doing research on this, and I’m liking Traffic Planet Hosting, but I still have not made a change. I asked their chat support what they offer in terms of security and the response wasn’t as detailed or as comforting as I would have liked. But their hosting, does have good reviews so I may try them out.

I plan on getting a premium service for my security plugin. Most likely I’ll use Sucuri. However, their price is $18 a month, so I’ll only be using them on big sites that justify this cost.

Have you been hacked? If so, how did you recover and what are you doing now to protect your site?